package net.appsec.webapp.controller;

import javax.servlet.http.HttpSession;
import net.appsec.webapp.bean.Customer;
import net.appsec.webapp.business.CustomerBusiness;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
@RequestMapping({ "/customer" })
public class CustomerController {

	@Autowired
	private CustomerBusiness customerBusiness;

	@RequestMapping({ "/login" })
	public String index() {
		return "login";
	}

	@RequestMapping({ "/logout" })
	public ModelAndView logout(HttpSession session) {
		session.setAttribute("session_customer", null);
		session.invalidate();
		return new ModelAndView("login");
	}

	@RequestMapping({ "/reg" })
	public String toRegister() {
		return "register";
	}

	@RequestMapping({ "/card" })
	public ModelAndView toCardNo(HttpSession session) {
		Integer id = (Integer) session.getAttribute("session_customer");
		Customer customer = this.customerBusiness.get(id);
		return new ModelAndView("card_set", "cardno", customer.getCardno());
	}

	@RequestMapping({ "/pass" })
	public String toPassword() {
		return "pass_set";
	}

	@RequestMapping(value = { "reset" }, params = { "type=card" })
	public ModelAndView reset(@RequestParam String cardno, HttpSession session) {
		Integer id = (Integer) session.getAttribute("session_customer");
		Customer customer = this.customerBusiness.get(id);
		if ((cardno != null) && (cardno.length() == 16)) {
			customer.setCardno(cardno);
			if (this.customerBusiness.save(customer)) {
				return new ModelAndView("card_set", "info", "Reset success!");
			}
			return new ModelAndView("card_set", "error", "Failed to reset!");
		}
		return new ModelAndView("card_set", "error", "Invalid new card no!");
	}

	@RequestMapping(value = { "reset" }, params = { "type=pass" })
	public ModelAndView reset(@RequestParam String oldpassword,
			@RequestParam String newpassword, @RequestParam String rpassword,
			HttpSession session) {
		Integer id = (Integer) session.getAttribute("session_customer");
		Customer customer = this.customerBusiness.get(id);
		String password = customer.getPassword();
		if (oldpassword == null)
			return new ModelAndView("pass_set", "error",
					"Old password can't be empty!");
		if (!oldpassword.equals(password))
			return new ModelAndView("pass_set", "error",
					"Old password is not right!");
		if (oldpassword.equals(newpassword))
			return new ModelAndView("pass_set", "error",
					"New password can't be same with old password!");
		if (rpassword == null)
			return new ModelAndView("pass_set", "error",
					"Repeat password can't be empty!");
		if (!rpassword.equals(newpassword)) {
			return new ModelAndView("pass_set", "error",
					"New password can't be different with repeat password!");
		}
		customer.setPassword(newpassword);
		if (this.customerBusiness.save(customer)) {
			return new ModelAndView("pass_set", "info", "Reset success!");
		}
		return new ModelAndView("pass_set", "error", "Failed to reset!");
	}

	@RequestMapping({ "/process" })
	public ModelAndView main(@RequestParam(required = true) String action,
			@RequestParam(required = true) String code,
			@RequestParam(required = false) String rpassword,
			Customer customer, HttpSession session) {
		String rightCode = (String) session
				.getAttribute("session_validation_code");

		if ((action == null) || ("login".equalsIgnoreCase(action.trim()))) {
			if ((code == null) || (!code.equals(rightCode))) {
				return new ModelAndView("login", "error",
						"Invalid validation code!");
			}
			customer = this.customerBusiness.find(customer);
			if (customer == null) {
				return new ModelAndView("login", "error",
						"Invalid name and password!");
			}
			session.setAttribute("session_customer",
					Integer.valueOf(customer.getId()));

			return new ModelAndView("main", "customer", customer);
		}

		if ("reg".equalsIgnoreCase(action.trim())) {
			String password = customer.getPassword();
			if (!rpassword.equals(password)) {
				return new ModelAndView("register", "error",
						"Password does not match!");
			}
			if ((code == null) || (!code.equals(rightCode))) {
				return new ModelAndView("register", "error",
						"Invalid validation code!");
			}
			if (this.customerBusiness.add(customer)) {
				return new ModelAndView("login", "info", "Register success!");
			}
			return new ModelAndView("register", "error", "Fail to register!");
		}

		return null;
	}
}